From: Sylvain Chillaud (sylvain.chillaud gmail.com)
Date: Tue Aug 10 2010 - 06:32:09 CDT
Hi Jun,
The answer is in your error message: you can't have !any in a rule -> means
'nothing'. You can't detect based on nothing.
Change that in the appropriate rule and it should be ok.
Regards,
Sylvain
2010/8/10 Jun Wan <junwei_wan hotmail.com>
> Hi,
>
> I installed SNORT on a fresh Ubuntu 10.04 by following
> http://it.thelibrarie.com/weblog/?p=515
>
> snort -c /etc/snort/snort.conf -i eth0
>
> I get the following:
>
> Running in IDS mode
> --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins
>
> ....pls see the attached details of "Snort installation error.rtf"...
>
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is
> deprecated; use detection_filter instead.
> ERROR: /etc/snort/rules/community-smtp.rules(13) => !any is not allowed
> Fatal Error, Quitting..
>
> Can't find much info via "google", so I would like to have your help.
>
> Any info and help would be much appreciated.
>
> Thanks for your patience with my many Snort questions.
>
> Regards
>
> John
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by
>
> Make an app they can't live without
> Enter the BlackBerry Developer Challenge
> http://p.sf.net/sfu/RIM-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
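
A way to locate the rule behind the `!any is not allowed` error, as an added example that is not part of the original thread or of Snort itself: it scans rule headers for address or port fields that are `!any`, and goes one step beyond the message by also resolving `var`/`ipvar`/`portvar` definitions, since a negated variable that expands to `any` yields the same `!any`. The function names and the sample configuration and rules are constructed for illustration, and header fields are assumed to contain no spaces.

```python
import re

# Snort rule header: action proto src_addr src_port direction dst_addr dst_port (options)
FIELDS = {2: "src address", 3: "src port", 5: "dst address", 6: "dst port"}
VAR_DEF = re.compile(r"^\s*(?:var|ipvar|portvar)\s+(\S+)\s+(\S+)")
VAR_REF = re.compile(r"\$(\w+)")

def parse_vars(conf_text):
    """Collect var/ipvar/portvar definitions from snort.conf text."""
    found = {}
    for line in conf_text.splitlines():
        m = VAR_DEF.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def expand(value, variables, depth=0):
    """Substitute $NAME references, nested up to 10 levels; unknown names stay as-is."""
    out = VAR_REF.sub(lambda m: variables.get(m.group(1), m.group(0)), value)
    return out if out == value or depth >= 10 else expand(out, variables, depth + 1)

def find_negated_any(rules_text, variables, filename="<rules>"):
    """Return (file, line, field, written, resolved) for header fields resolving to !any."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out rule
        header = line.split("(", 1)[0].split()
        if len(header) < 7:
            continue  # not a complete rule header
        for idx, label in FIELDS.items():
            resolved = expand(header[idx], variables)
            if re.search(r"!any\b", resolved):
                findings.append((filename, lineno, label, header[idx], resolved))
    return findings

# Constructed sample input, not taken from the poster's files.
SAMPLE_CONF = "var HOME_NET any\nvar EXTERNAL_NET !$HOME_NET\nvar SMTP_SERVERS $HOME_NET\n"
SAMPLE_RULES = (
    "# constructed rules\n"
    'alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"constructed A"; sid:1000001;)\n'
    'alert tcp any any -> $SMTP_SERVERS 25 (msg:"constructed B"; sid:1000002;)\n'
    'alert tcp !any any -> any 25 (msg:"constructed C"; sid:1000003;)\n'
)

if __name__ == "__main__":
    for f, n, field, written, resolved in find_negated_any(
            SAMPLE_RULES, parse_vars(SAMPLE_CONF), "sample.rules"):
        print(f"{f}({n}) {field}: {written} resolves to {resolved}")
```
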